software defined networking CS 6410 Fall 2017 Eric Campbell and - PowerPoint PPT Presentation

software defined networking CS 6410 Fall 2017 Eric Campbell and Rolph Recto

software defined networking

software defined networking (OpenFlow, originally)

“Stanford computer scientist Nick McKeown and colleagues developed a standard called OpenFlow that essentially opens up the Internet to researchers, allowing them to define data flows using software–a sort of ‘ software-defined networking .’ Installing a small piece of OpenFlow firmware (software embedded in hardware) gives engineers access to flow tables, rules that tell switches and routers how to direct network traffic.”

control plane data plane routing packet forwarding isolation packet scheduling traffic engineering

traditional networking

SDN

software defined networking (programmable)

Active Networks Separating the Data and Control Planes OpenFlow SDN Today

Tennenhouse & Wetherall Smart Packets NetScript ANTS 1995 2000 2005 2010 2015

network ossification use pulls technology pushes desire for unified middlebox interface

lower compute costs use pulls advances in programming languages technology pushes DARPA Active Networks

programmable switches

sniff.java

srcIP count with sniff.java installed, switch maintains table of packet counts by source IP

srcIP count 10.0.0.1 1 ...

srcIP count 10.0.0.1 1 10.0.0.2 1 ...

capsules

packet contains instructions to Tiny Packet Programs Jeyakumar et al, 2014 push switch info at every hop In-Band Network Telemetry Kim et al, 2016 ...

switch ID egress time 2 1510765743 ...

switch ID egress time 3 1510765745 2 1510765743 ...

whither active networks?

whither active networks? performance and security concerns “The misconception that packets would necessarily carry Java code written by end users made it no “killer app” possible to dismiss active network research as too far removed from real networks and inherently unsafe.” no practical deployment plan “The Road to SDN,” Feamster et al 2014

whither active networks? performance and security concerns “The misconception that packets would necessarily carry Java code written by end users made it no “killer app” possible to dismiss active network research as too far removed from real networks and inherently unsafe.” no practical deployment plan “The Road to SDN,” Feamster et al 2014

Tennenhouse & Wetherall Whippersnapper Smart Packets P4FPGA SIGCOMM 2014 In-Band Network NetScript Telemetry ANTS Tiny Packet Programs 1995 2000 2005 2010 2015

Active Networks Separating the Data and Control Planes OpenFlow SDN Today

PCE 4D SoftRouter Tempest Ethane ForCES protocol RCP IRSCP 1995 2000 2005 2010 2015

PCE 4D SoftRouter Tempest Ethane ForCES protocol RCP IRSCP 1995 2000 2005 2010 2015

burgeoning network speeds use pulls insufficient network reliability technology pushes specialized services (VPNs)

use pulls open interface between control and data planes technology pushes logically centralized control

Open Shortest Path First (OSPF) ... 1μs

OSPF 20μs 1μs 2μs 3μs 1μs 2μs 1μs 10μs 5μs

OSPF ... 20μs 1μs 2μs 3μs 1μs 2μs 1μs 10μs 5μs ...

OSPF ... ... 20μs ... 1μs 2μs ... 3μs 1μs 2μs 1μs 10μs 5μs

SoftRouter Network Entity (NE) Control Element (CE) ForCES Forwarding Entity (FE)

SoftRouter

SoftRouter Network Entity (NE) Control Element (CE) 20μs 1μs 2μs 3μs 1μs Forwarding 2μs 1μs Entity (FE) 10μs 5μs

Shortest Path Routing 20μs 1μs 2μs 3μs 1μs A B 2μs 1μs 10μs 5μs

whither SoftRouter (and others)? vendors didn’t adopt ForCES (and others) not general enough no practical deployment plan

Active Networks Separating the Data and Control Planes OpenFlow SDN Today

OpenFlow Ethane NOX 1995 2000 2005 2010 2015

OpenFlow: enabling innovation in campus networks Nick McKeown, Tom Anderson, Hari Balakrishnan, Guru Parulkar, Larry Peterson, Jennifer Rexford, Scott Shenker, Jonathan Turner SIGCOMM 2008

Nick McKeown Jennifer Rexford Stanford Princeton Scott Shenker Berkeley

Nick McKeown Jennifer Rexford Stanford Princeton Scott Shenker Martín Casado Berkeley Stanford

networking research use pulls market factors technology pushes datacenter networks

backwards compatible use pulls general packet processing technology pushes (more fields to match on)

OpenFlow protocol fields counter action flow srcIp=10.0.0.*, ipProto=TCP 10 pt = 2 table dstPort=80 0 drop

learning switch 1 3 2

MAC port controller maintains hash table of MAC to port number mappings 1 3 2

MAC port src: spongebob dst: patrick msg: I’M READY ... 1 3 2

MAC port ... packet_in 1 3 2

MAC port spongebob 1 ... packet_in 1 3 2

MAC port spongebob 1 packet_out ... 1 3 2

MAC port spongebob 1 ... 1 3 2 ...

MAC port install rule: forward packets for spongebob to port 1 spongebob 1 flow_mod 1 3 2

MAC port src: patrick dst: spongebob spongebob 1 msg: i’m patrick 1 3 2 ...

MAC port no flooding required! spongebob 1 ... 1 3 2

firewall 1 3 2

install rule: drop packets destined for squidward flow_mod 1 3 2

src: spongebob dst: squidward msg: hello ... 1 3 2

Active Networks Separating the Data and Control Planes OpenFlow/SDN SDN Today

Abstractions for Frenetic Network Update NetKAT Propane 1995 2000 2005 2010 2015

Abstractions for Frenetic Network Update NetKAT Propane 1995 2000 2005 2010 2015

NetKAT Forwarding Policy (F) if sw==A then (if pt==1 then pt=2 elif pt==2 then pt=1) elif sw==B then Network Behavior (if pt==1 then p=2 elif pt=2 then pt=1) run( F ; T ) else drop Topology (T) if sw==A and pt==2 then (sw=B; pt=1) elif sw==B and pt==1 then (sw=A; pt=2) else drop A B 1 2 1 2 H1 H2

NetKAT Intuition: These are functions from packets Forwarding Policy (F) to sets of packets if sw==A then (if pt==1 then pt=2 elif pt==2 then pt=1) elif sw==B then Network Behavior (if pt==1 then p=2 elif pt=2 then pt=1) run( F ; T ) else drop Topology (T) if sw==A and pt==2 then (sw=B; pt=1) elif sw==B and pt==1 then (sw=A; pt=2) else drop A B 1 2 1 2 H1 H2

Want to show: Invariant true when SSH packets sent from H1 get to H2 P1 is equivalent to P2 . if typ==SSH and @h1 if typ==SSH and @h1 P1 P2 then run( F ; T ); then run( F ; T ) eventually(@h2) let @h1 be sw==A and pt==1 let @h2 be sw==B and pt==2 A B 1 2 1 2 H1 H2

Want to show: Invariant true when SSH packets sent from H1 get to H2 P1 is equivalent to P2 . if typ==SSH and @h1 if typ==SSH and @h1 P1 P2 then run( F ; T ); then run( F ; T ) eventually(@h2) SSH packets from H1 A B 1 2 1 2 H1 H2

Want to show: Invariant true when SSH packets sent from H1 get to H2 P1 is equivalent to P2 . if typ==SSH and @h1 if typ==SSH and @h1 P1 P2 then run( F ; T ); then run( F ; T ) eventually(@h2) “run” the network A B 1 2 1 2 H1 H2

Want to show: Invariant true when SSH packets sent from H1 get to H2 P1 is equivalent to P2 . if typ==SSH and @h1 if typ==SSH and @h1 P1 P2 then run( F ; T ); then run( F ; T ) eventually(@h2) packets received by H2 A B 1 2 1 2 H1 H2

NetKAT A if sw == A then: 1 2 if port == 1 then port := 2 elif port == 2 then port := 3 C else drop 3 1 elif sw == B then: 3 if port==1 drop else port := 1 2 3 2 elif sw == C if port == 1 then port :=3 1 elif port == 3 then port :=2 elif port == 2 drop; B

NetKAT A if sw == A then: 1 2 if port == 2 then alert_ctrl else port := 3 C 3 if sw == B then: 1 if port == 1 then drop 3 elif port == 2 then port := 3 elif port == 3 then port := 2 2 3 2 if sw == C if port == 1 then alert_ctrl 1 elif port == 2 then port := 1 elif port == 3 then port := 2 B

whither SDN?

whither SDN?

questions?

thanks!